
Use of Interoperability Standards
and Data Segmentation to Support
Patient Privacy
Johnathan Coleman, CISSP, CISM
[email protected]
Duane Decouteau
[email protected]
DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
Learning Objectives
• During this presentation, participants will learn about the
Data Segmentation for Privacy (DS4P) Standards and
Interoperability Initiative. The presentation will:
– Summarize how standards can be used to electronically
enforce a prohibition on redisclosure, which helps
providers and patients selectively disclose health
information and ensure that the information remains
confidential after it is received.
– Provide a brief overview of an implementation approach
from one of the DS4P pilots: VA/SAMHSA
Agenda
• Data Segmentation: Definition and
Purpose
• Examples of Heightened Legal Privacy
Protections
• Technical Approach
• VA/SAMHSA DS4P Pilot
• Conclusion
What is Data Segmentation?
“Process of sequestering from capture, access or view
certain data elements that are perceived by a legal
entity, institution, organization or individual as being
undesirable to share”
Data Segmentation in Electronic Health Information Exchange: Policy
Considerations and Analysis
Melissa M. Goldstein, JD; and Alison L. Rein, MS, Director Academy Health.
Acknowledgements: Melissa M. Heesters, JD; Penelope P. Hughes, JD;
Benjamin Williams; Scott A. Weinstein, JD
Why Segment Data?
• Some healthcare information requires special handling that
goes beyond the protection already provided through the
HIPAA Privacy rule.
• Additional protection through the use of data segmentation
emerged in part through state and federal privacy laws which
address social hostility and stigma associated with certain
medical conditions.*
• Data Segmentation for Privacy provides a means for
electronically implementing choices made under these privacy
laws.
* The confidentiality of alcohol and drug abuse Patient records regulation and the HIPAA privacy rule: Implications for alcohol and
substance abuse programs; June 2004, Substance Abuse and Mental Health Services Administration.
Examples of Heightened Legal Privacy
Protections (1)
• Federal Confidentiality of Alcohol and Drug Abuse
Patient Records regulations [42 CFR Part 2] which
protect specific health information from exchange without
patient consent.
• State and Federal laws protecting data related to select
conditions/types of data
– Mental Health
– Data Regarding Minors
– Intimate Partner Violence and Sexual Violence
– Genetic Information
– HIV Related Information
Examples of Heightened Legal Privacy
Protections (2)
• Laws protecting certain types of health data coming from
covered Department of Veterans Affairs facilities and
programs [Title 38, Section 7332, USC]
– Sickle Cell Anemia
– HIV Related Information
– Substance Abuse Information
• In addition, the rule 45 CFR §164.522(a)(1)(iv), effective
3/26/2013, describes how patients may withhold any
health information from health plans for services they
received and paid for out-of-pocket.
Data Segmentation for Privacy
TECHNICAL APPROACH
S&I Lifecycle
Layered Approach for Privacy Metadata
• “Russian doll” concept of applying metadata with
decreasing specificity as layers are added to the
clinical data.
• Privacy metadata uses standards to convey:
– Confidentiality of data in clinical payload
– Obligations of receiving system
– Allowed purpose of use
Types of Privacy Metadata used by DS4P
• Confidentiality Codes:
– Used by systems to help convey or
enforce rules regarding access to data
requiring enhanced protection. Uses
“highest watermark” approach.
• Purpose of Use:
– Defines the allowed purposes for the disclosure (e.g.
Treatment, Emergency Treatment, etc.).
• Obligations:
– Specific obligations being placed on the receiving system
(e.g. do not re-disclose without consent).
Privacy metadata, along with payload and transport metadata, is used to enable the disclosure of patient information.
Layers shown in the diagram: Transport Metadata; Summary Document; Payload.
Privacy metadata shown in the diagram: Confidentiality: Restricted; Obligation: No re-disclosure; Purpose of Use: For treatment purpose.
Data Segmentation for Privacy
VA/SAMHSA PILOT
Data Segmentation Using Healthcare Privacy and Security
Labels (HIMSS 2013)
Advanced technology demonstration of the ONC Data Segmentation for Privacy Initiative, using a standards-based approach for privacy
metadata to achieve interoperability and appropriate sharing of protected information, ensuring those who receive it handle it correctly.
VA Consent Directive
• VA plans to use Security Labels to enable enforcement of access
restrictions authorized by the patient
• VA Patients will be able to create online consent directives to:
– Authorize & Revoke Disclosure to eHealth Exchange and SSA
– Grant Providers access to their MyHealtheVet PHR
VA = Veterans Administration
SSA = Social Security Administration
PHR = Personal Health Record
Privacy Tagged Summary Document (diagram)
Diagram labels: document sections tagged Class: N (NORMAL) or Class: R,HIV (RESTRICTED// HIV); sections shown MASKED or UNMASKED; Secret Key; User Authorization; Security Domain; Access Control System.
Security Label conveys Access Control Information about Users and Requested Information
• User Security Labels are called “Clearances”
• Information Security Labels are called “Classifications” such as Confidentiality and Sensitivity
7/17/2015
Security Labels Bind Clinical Metadata to Patient Consent
Medication ID: 11413 | Medication Name: AZT (Zidovudine) | Terminology: RxNorm | Confidentiality: Restricted | Sensitivity: HIV
Diagnosis ID: 111880001 | Diagnosis Name: Acute HIV Disorder | Terminology: SNOMED | Confidentiality: Restricted | Sensitivity: HIV
Privacy Rule: If Diagnosis=111880001 (HIV) and Medication=11413 (Zidovudine), then Security Label Tags are Confidentiality = R and Sensitivity = HIV
HCS Clinical Fact Metadata Example
Columns: Clinical Fact | Clinical Attribute | Provenance | Security Label (HL7*)
Diagnosis | <Patient Name>, Source=<Organization>, 111880001 Acute HIV infection (disorder) | hadPrimarySource: SNOMED Code; wasAttributedTo: <Attending> | N, N, Restricted, HIV
Medications | <Patient Name>, 11413 Zidovudine (AZT) | hadPrimarySource: RxNorm; wasDerivedFrom: Diagnosis | N, Restricted, HIV
Allergies | <Patient Name>, 91936005 (Penicillin) | hadPrimarySource: SNOMED CT; wasDerivedFrom: Encounter | N, N
Laboratory Report | 8053 (Lipid Panel): 8320 Total Cholesterol, 8316 Triglyceride, 8429 HDL, 7973 LDL | hadPrimarySource: LOINC | N
Procedure | 86689.Z7 (HIV-1 Western Blot) | hadPrimarySource: CPT | Restricted, HIV
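As an added illustration (not code from the DS4P pilot or the presenters), the following shows how the privacy rule and the "highest watermark" labeling from the privacy metadata slides, together with the clearance-versus-classification check from the Security Label slides, can be realized over the HCS example's clinical facts. The rule table, the ordering of the N and R codes, the plain-text obligation string and the sample facts are assumptions constructed for this example.

```python
"""Added illustration (not the DS4P pilot's code): apply the slides' privacy rule to
clinical facts, roll up a "highest watermark" document label, and check clearances."""
from dataclasses import dataclass, field

CONF_RANK = {"N": 0, "R": 1}  # confidentiality codes from the slides: normal < restricted

@dataclass
class ClinicalFact:
    kind: str          # Diagnosis, Medication, Allergy, ...
    terminology: str   # SNOMED, RxNorm, ...
    code: str
    name: str
    confidentiality: str = "N"
    sensitivity: set = field(default_factory=set)

# Privacy rule from the slides: SNOMED 111880001 (HIV) and RxNorm 11413 (Zidovudine)
# are tagged Confidentiality = R, Sensitivity = HIV. Rule encoding is an assumption.
PRIVACY_RULES = [(("SNOMED", "111880001"), ("R", "HIV")),
                 (("RxNorm", "11413"), ("R", "HIV"))]

def label_facts(facts):
    """Tag each fact whose (terminology, code) matches a rule; never lower a label."""
    for f in facts:
        for key, (conf, sens) in PRIVACY_RULES:
            if (f.terminology, f.code) == key:
                if CONF_RANK[conf] > CONF_RANK[f.confidentiality]:
                    f.confidentiality = conf
                f.sensitivity.add(sens)
    return facts

def document_label(facts):
    """Highest watermark: most restrictive part, union of sensitivities, obligation if R."""
    conf = max((f.confidentiality for f in facts), key=CONF_RANK.get, default="N")
    sens = set().union(*(f.sensitivity for f in facts))
    return conf, sens, {"No re-disclosure"} if conf == "R" else set()

def may_access(clearance, clearance_sens, fact):
    """Clearance dominates classification: level and every sensitivity tag on the fact."""
    return (CONF_RANK[clearance] >= CONF_RANK[fact.confidentiality]
            and fact.sensitivity <= set(clearance_sens))

def visible_facts(clearance, clearance_sens, facts):
    """Facts a user may see; the others are masked in the tagged summary document."""
    return [f for f in facts if may_access(clearance, clearance_sens, f)]

def sample_facts():
    """Constructed sample built from codes on the slides' HCS example."""
    return label_facts([ClinicalFact("Diagnosis", "SNOMED", "111880001", "Acute HIV infection"),
                        ClinicalFact("Medication", "RxNorm", "11413", "Zidovudine (AZT)"),
                        ClinicalFact("Allergy", "SNOMED", "91936005", "Penicillin")])
```

A user with clearance N sees only the penicillin allergy; a user with clearance R and the HIV tag sees all three facts, and the summary document as a whole carries Restricted, HIV with the no-redisclosure obligation.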
NIST FIPS PUB 188 Security Labels
• Security Labels are semantically interoperable metadata for a User’s Clearance to access
Information classified with the same Label
• NIST, ISO, IETF and other security label standards, which are widely used in other
industries including National Defense, can be used in healthcare
NIST = National Institute of Standards and Technology; ISO = International Organization for Standardization; IETF = Internet Engineering Task Force
Data Segmentation for Privacy
CONCLUSION
Conclusion
• Data segmentation provides a means for protecting
specific elements of health information, both within an
EHR and in broader electronic exchange environments,
which can prove useful in implementing current legal
requirements and honoring patient choice.
Please visit the Interoperability Showcase to see live DS4P Pilot demonstrations:
VA/SAMHSA: Showcase Kiosk #11-1
NETSMART: Showcase Kiosk #26-1
Federal Points of Contact
VA :
Mike Davis, [email protected]
US Department of Veterans Affairs
SAMHSA:
Richard Thoreson, [email protected]
Substance Abuse and Mental Health Services Administration
ONC:
Scott Weinstein, J.D. [email protected]
Office of the Chief Privacy Officer
Office of the National Coordinator for Health Information Technology
Department of Health and Human Services
Thank You!
Johnathan Coleman, CISSP, CISM
Initiative Coordinator, Data Segmentation for Privacy
Principal, Security Risk Solutions Inc.
698 Fishermans Bend,
Mount Pleasant, SC 29464
Tel: (843) 647-1556
Email: [email protected]
Duane DeCouteau
Senior Software Engineer
Edmond Scientific Company
4000 Legato Road, Suite 1100
Fairfax, Virginia 22033
Tel: (703) 896-7681
Email: [email protected]